In SapphireIMS 5.0, it is possible to use the hardcoded credential in clients (username: sapphire, password: ims) and gain access to the portal. Once the access is available, the attacker can inject malicious OS commands on “ping”, “traceroute” and “snmp” functions and execute code on the server. We also observed the same is true if the JSESSIONID is completely removed.
Metrics
Affected Vendors & Products
References
History
No history.

Status: PUBLISHED
Assigner: mitre
Published: 2021-08-11T20:12:43
Updated: 2024-08-04T15:33:05.696Z
Reserved: 2020-09-14T00:00:00
Link: CVE-2020-25560

No data.

Status : Modified
Published: 2021-08-11T21:15:07.990
Modified: 2024-11-21T05:18:07.207
Link: CVE-2020-25560

No data.